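# NixOS module: runs the wishlist web app as a podman OCI container and
# publishes it through an nginx virtual host with ACME-issued TLS.
{ lib, config, ... }:
let
  inherit (lib) mkEnableOption mkIf mkOption types;
  cfg = config.wishlist;
in
{
  options.wishlist = {
    # mkEnableOption already prefixes "Whether to enable", so only the name goes here.
    enable = mkEnableOption "wishlist";

    port = mkOption {
      # types.port rejects values outside 0-65535 at evaluation time.
      type = types.port;
      default = 5434;
      description = "The port wishlist listens on.";
    };

    host = mkOption {
      type = types.str;
      # A real default (the original only set defaultText, leaving the option
      # undefined). Loopback keeps the container's plain-HTTP port reachable
      # only from this machine, so clients have to go through the TLS vhost.
      # Setting a non-loopback address publishes the unencrypted port on that
      # interface.
      default = "127.0.0.1";
      description = "The hostname that wishlist binds to";
    };

    domain = mkOption {
      type = types.str;
      description = "Domain name for wishlist to be served on.";
    };
  };

  config = mkIf cfg.enable {
    # Host directories backing the container's bind mounts.
    # NOTE(review): mode 0755 lets every local user read uploads and the
    # application data; tighten once the UID the container writes as is confirmed.
    systemd.tmpfiles.settings."wishlist-dirs" = {
      "/var/wishlist".d = {
        mode = "0755";
        user = "root";
        group = "root";
      };
      "/var/wishlist/uploads".d = {
        mode = "0755";
        user = "root";
        group = "root";
      };
      "/var/wishlist/data".d = {
        mode = "0755";
        user = "root";
        group = "root";
      };
    };

    virtualisation.oci-containers = {
      backend = "podman";
      containers.wishlist = {
        # NOTE(review): ":latest" is a mutable tag, so the image that runs can
        # change on any pull without a change to this file. Prefer a release
        # tag or a digest (ghcr.io/cmintey/wishlist@sha256:<digest>).
        image = "ghcr.io/cmintey/wishlist:latest";
        volumes = [
          "/var/wishlist/uploads:/usr/src/app/uploads"
          "/var/wishlist/data:/usr/src/app/data"
        ];
        # Publish container port 3280 on host:port only.
        ports = [ "${cfg.host}:${toString cfg.port}:3280" ];
        environment = {
          # Public URL of the app; built from the same domain as the nginx vhost.
          ORIGIN = "https://${cfg.domain}";
          # presumably the lifetime of signup/reset tokens in hours; confirm
          # against the upstream documentation.
          TOKEN_TIME = "72";
        };
      };
    };

    # nginx reverse proxy: terminates TLS and forwards to the published port.
    # services.nginx.enable is not set here and must be enabled elsewhere.
    services.nginx.virtualHosts.${cfg.domain} = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://${cfg.host}:${toString cfg.port}";
        proxyWebsockets = true;
        # proxy_ssl_server_name only applies to https:// upstreams; with the
        # http:// proxyPass above it has no effect and is kept as-is.
        extraConfig = ''
          proxy_ssl_server_name on;
          proxy_pass_header Authorization;
        '';
      };
    };
  };
}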